SIEM Content Engineer
DXC Technology
Job Description:
DXC Technology is seeking to hire a SIEM Engineer. This position can be remote for the right candidate!
The qualified candidate will provide support to numerous SIEM instances with an emphasis on Azure Sentinel and QRadar. The Engineer will provide guidance and direction into the functional design, configuration, data management, reporting, O&M support and best practices for leveraging and managing the SIEM environment. The Engineer will develop and execute application ingestion processes to include capacity planning, infrastructure, and functional impact analyses.
Additionally, the Engineer will provide operational troubleshooting support and assist with complex problems of diverse scope where analysis of situation or data requires an in-depth evaluation of various factors. Furthermore, the candidate will support customers with designing reports, dashboards, and query troubleshooting.
Must work well with general guidance, generate competent technical input for operations documentation, and be detail- and security-oriented. Must have excellent oral and written communication skills, as well as excellent interpersonal skills. Must have worked in large enterprise-class environments, be in line with industry best practices, think outside the box, and be able to make recommendations to improve overall governance and support continuous improvement.
Azure-Qualified Candidate Duties & Responsibilities:
High proficiency with Azure Sentinel and Azure Log Analytics.
Demonstrated background developing analytics rules, incidents, playbooks, notebooks, workbooks, threat hunting, and KQL queries for data normalization and parsing within the Log Analytics data integration pipeline.
Understanding of Security Operations Center tool applications.
Advanced event analysis leveraging the Azure Sentinel SIEM.
Solid knowledge of M365 security toolsets.
Expertise in Azure Logic Apps, Microsoft Flow and Power BI.
Advanced incident investigation and response skill set.
Advanced log parsing and analysis skill set.
Familiarity and practical application of advanced principles of ITIL/ITSM.
Ability to present to executive management incident debriefs and root cause analysis reports.
Maintain related documents including policies, processes, guides and SOPs.
Be a customer advocate by consistently meeting and/or exceeding expectations, and incorporating customer service into all aspects of work performed.
Qualified candidate Duties & Responsibilities:
The SIEM Content Engineer is responsible for maintaining and creating rules, reports, and monitoring channels within various SIEM tools.
The SIEM Content Engineer works with the engineering team to set up new clients in existing SIEM systems or to set up new SIEM systems.
The SIEM Content Engineer would also work with the SIEM monitoring team to provide training, feedback, and assistance, as well as create use case documentation for the SIEM alerts for them to use; therefore, cybersecurity analysis skills are required.
The SIEM Content Engineer must have strong communication skills as they are heavily involved with client onboarding and process development, reporting, and status and performance meetings.
Basic Qualifications for all SIEM Engineers
Possess strong written and verbal communication skills and be capable of understanding, documenting, and communicating technical issues in a non-technical manner.
Working knowledge of Microsoft Word, PowerPoint, and Excel for the purpose of project plan development, documentation, and presentation deliverables.
Basic knowledge of incident investigation/response, including SIEM analyst experience; 3 years of practical experience in cybersecurity analysis preferred.
Practical experience building and implementing event correlation rules, logic, and content in security information and event management (SIEM) systems such as QRadar, Splunk, ArcSight, Sentinel, etc.
Practical experience in tuning SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors.
Practical experience in maintaining event schema with customized security severity criteria.
Basic experience in creating scheduled and ad-hoc reporting with SIEM tools.
Detailed knowledge of SIEM technologies and event collector deployments in the Windows and Linux operating environments.
Bachelor's degree or equivalent combination of education and experience.
Other Qualifications
Good communication skills to interact with team members, management, and support personnel
Good analytical and problem-solving skills for design, creation and testing of complex security systems
Ability to work independently and as part of a team
Work Environment
Remote, must work from and reside within the USA
Eastern USA Time Zone, 8-5 M-F
Occasional work off-hours as needed
Compensation at DXC is influenced by an array of factors, including but not limited to the experience, job-related knowledge, skills, competencies, as well as contract-specific affordability and organizational requirements. A reasonable estimate of the current compensation range for this position is $80,400 – $149,300.
Full-time hires are eligible to participate in the DXC benefit program. DXC offers a comprehensive, flexible, and competitive benefits program which includes, but is not limited to, health, dental, and vision insurance coverage; employee wellness; life and disability insurance; a retirement savings plan; paid holidays; and paid time off.
If you are an applicant from the United States, Guam, or Puerto Rico
DXC Technology is an Equal Opportunity/Affirmative Action employer. All qualified candidates will receive consideration for employment without regard to disability, protected veteran status, race, color, religious creed, national origin, citizenship, marital status, sex, sexual orientation/gender identity, age or genetic information. DXC's commitment to diversity and inclusive selection practices includes ensuring qualified long-term unemployed job seekers receive equal consideration for employment. View postings below.
We participate in E-Verify. In addition to the posters already identified, DXC provides prospective employees access to the Federal Minimum Wage Poster and the Federal Polygraph Protection Act Poster, as well as any state- or locality-specific applicant posters. To access the postings in the link below, select your state to view all applicable federal, state and locality postings. Postings are available in English, and in Spanish where required. View postings below.
Postings link (https://mandatoryview.com/?LicenceId=c38a7700-5aa2-48a3-b95a-22e6e1fb0721&ProductType=OnlineApplicant&SubType=PG)
Disability Accommodations
If you are an individual with a disability, a disabled veteran, or a wounded warrior and you are unable or limited in your ability to access or use this site as a result of your disability, you may request a reasonable accommodation by contacting us via email (GSS-HR-ER@dxc.com).
Please note: DXC will respond only to requests for accommodations due to a disability.
Recruitment fraud is a scheme in which fictitious job opportunities are offered to job seekers, typically through online services such as false websites or through unsolicited emails claiming to be from the company. These emails may request that recipients provide personal information or make payments as part of the illegitimate recruiting process. DXC does not make offers of employment via social media networks, and DXC never asks for any money or payments from applicants at any point in the recruitment process, nor asks a job seeker to purchase IT or other equipment on our behalf. More information on employment scams is available here.